The present invention relates to memories and, in particular, to memories which are non-imprinting and may be reliably and quickly erased.
There are known in the art a number of devices which include a memory for storing information. In some applications of such devices, such as where the device or system requires the storage of information comprising secret, confidential and/or sensitive data, including data such as cryptographic keys, algorithms or identity information. It is a critical system requirement with respect to such device applications to protect the stored information from improper or unauthorized access.
Many of these devices include a functionality for actively detecting an impending attack against the device (such as might occur when an unauthorized attempt is being made to gain access to the information stored in the memory). In response to the detection of such an attack, it is imperative that all secret, confidential and/or sensitive data stored in the memory be erased. In order to minimize, if not eliminate, the risk of access being gained to this information, the erasure of memory contents must be quickly and reliably accomplished by the device itself. The functionality necessary to achieve these goals can be costly and complex.
Many memory cell designs and technologies such as conventional static random access memory (SRAM) all share a common susceptibility to “data imprinting” which refers to a property of the memory to effectuate long term storage of data. In the case of SRAM implementations, the mechanisms for this relate to stresses placed on the gate oxide of a memory cell transistor during operation. These stresses arise as a result of the presence of a constant bias voltage on the memory cell over an extended period coupled with the cell being configured to store data of a certain logical value. This stress can lead to gate oxide charge accumulation which over time can progress to such a degree that it influences the power up state of the memory cell or leave sufficient data remnants which can be passively detected through advanced spectrographic analysis. Thus, the data, which was stored, is said to have left a permanent imprint through the stress induced oxide charge accumulation, and this imprint can be detected, and thus the logic state of the previously stored data identified, for a period of time long after power has been removed from the memory and/or the data has been purposefully erased. A number of active and passive methods are known in the art for discovering the state of an imprinted memory cell. To the extent that the memory cell stored secret, confidential and/or sensitive information, the imprinting would defeat any security actions to erase the cell which were taken in response to a detected impending attack against the device. This, of course, jeopardizes consumer trust in the device and can result in severe damages, which threaten electronic banking systems, facilitate identity theft, defeat access control systems or even more serious issues pertaining to national security.
Presently, the problem of imprinting is addressed by having the host central processing unit (CPU) alter or move data such that the secret, confidential and/or sensitive information does not remain in one memory location for a long enough period of time to imprint. However, designers and manufacturers of these devices or systems may choose not to implement this solution not only due to cost constraints, but also because the actions taken to move the data raise reliability issues (i.e., can the correct state and location of the data be tracked accurately and thus known) and because the read/write operations required for this solution require the consumption of significant amounts of power (which is unacceptable in power sensitive devices). Additionally, attack windows, although narrow, are nonetheless present and can be exploited to gain access to the secret, confidential and/or sensitive information.
As discussed above, in response to a detected impending attack against the device actions are taken by the device to erase all secret, confidential and/or sensitive data stored in the memory. There are problems, however, with the methods by which data is erased. One commonly used technique removes power from the memory and pulls supply voltage to a negative potential. Another technique causes the host CPU for the device to wake up in response to the detected threat and sequentially write to each memory location and thus overwrite the previously stored secret, confidential and/or sensitive data. Unfortunately, as is known in the art, each of these techniques can be relatively easily defeated and thus give a thief an opportunity to obtain access to the data.
In summary, at least two problems exist with conventional memory configurations. First, windows exist which provide sufficient time for data imprinting to take place. Second, the memories can not be reliably and quickly erased. There would be an advantage if means were provided for reliably and quickly erasing all or part of a non-imprinting memory which stores secret, confidential and/or sensitive information.